Simple Guide to Wordlists

In a black-box pentest, one of the few advantages you can have over an attacker is a better wordlist. If an attacker has 100 words and a pentester has 150, the pentester is more likely to discover endpoints in the application that the attacker never finds, and so to report more vulnerabilities. That ultimately leads to more robust security.

Whether you are testing a web/API server or performing an infrastructure pentest, wordlists are your most important tool for discovering new endpoints or brute-forcing passwords.

I recommend keeping separate wordlists for separate purposes (for example endpoints, subdomains and passwords).

Here are the three steps that will help you create and maintain your wordlists:

1. Run CeWL on Target application

CeWL (Custom Word List generator) is an open-source tool that builds a wordlist by crawling a web application. Because it only collects words that actually appear on the target, the list carries far less noise than a generic wordlist downloaded from the internet. Set the crawl depth and minimum word length so that you do not collect every two-letter token on the site.

2. Use AltDNS for Permutations

Assuming you have already run CeWL and have its wordlist, the next step is to run AltDNS to generate permutations. AltDNS takes the names you already know for the target as its input list and the CeWL output as its wordlist, and combines the two into permuted candidate names. The result is usually huge and generation takes a while, so be patient; good things take time. The output becomes your master list. Be sure to sort it and remove duplicates, because the permutation step produces many repeats.

3. Maintaining the wordlist

Maintaining a healthy wordlist is key to the success of a penetration test. Run CeWL on every web application you encounter and add the output to the master list, then sort and deduplicate again after each merge so the file stays clean.
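The three steps above, chained into one script. This is an added example and not a script from the original article; the target URL, the file names, the crawl depth, the minimum word length and the master-list location are assumptions. The CeWL and AltDNS calls only run when you pass a target on the command line, so the merge step can be exercised on its own with constructed input files.

```shell
#!/bin/sh
# Added example (not part of the original article): CeWL -> AltDNS -> master list.
# Assumptions: cewl and altdns are on PATH, known-subdomains.txt holds one name per
# line, and the master list lives under ~/wordlists (override with MASTER=...).
set -eu

MASTER="${MASTER:-${HOME:-.}/wordlists/master.txt}"   # assumed location

# Step 1: crawl the target and write every word of four or more characters.
# cewl flags: -d crawl depth, -m minimum word length, -w output file.
crawl_words() {                      # $1 = target URL, $2 = output file
    cewl -d 2 -m 4 -w "$2" "$1"
}

# Step 2: permute the CeWL words (-w) against the names already known for the
# target (-i); -o receives the generated candidates. No -r here: we are only
# building a list, not resolving anything yet.
permute_words() {                    # $1 = known names, $2 = words, $3 = output
    altdns -i "$1" -w "$2" -o "$3"
}

# Step 3: merge any number of new lists into the master list. Strips CR and
# surrounding whitespace, drops blank lines and duplicates, and sorts with a
# fixed locale so diffs between runs stay readable. Prints the new line count.
merge_into_master() {                # $1 = master file, $2.. = files to merge
    master="$1"; shift
    tmp="$(mktemp)"
    mkdir -p "$(dirname "$master")"
    touch "$master"
    cat "$master" "$@" \
        | tr -d '\r' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        | LC_ALL=C sort -u > "$tmp"
    mv "$tmp" "$master"
    wc -l < "$master" | tr -d ' '
}

# Full pipeline, only when a target URL is given:
#   sh wordlist-pipeline.sh https://example.com known-subdomains.txt
if [ "$#" -ge 1 ]; then
    target="$1"
    known="${2:-known-subdomains.txt}"
    crawl_words "$target" cewl-words.txt
    permute_words "$known" cewl-words.txt altdns-permutations.txt
    merge_into_master "$MASTER" cewl-words.txt altdns-permutations.txt
fi
```

Keep the per-target files (cewl-words.txt, altdns-permutations.txt) alongside the master list: if a merge ever pulls in junk from a badly crawled site, you can rebuild the master from the clean per-target lists instead of hand-editing one enormous file.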

This is a good way to build a wordlist for your penetration tests: with each engagement you perform, your master wordlist gets stronger. For password wordlists, the same approach works. Take a common password wordlist from the internet and use it as the input to AltDNS; the permutations give you a far richer list than the original.

This article was updated on January 15, 2024

I'm Mehul Panchal (𝕏: @0daySecured), an Ethical Hacker and seasoned penetration tester with over 6.5 years of hands-on experience in identifying vulnerabilities and fortifying security for a diverse range of corporate clients. Holding both the OSCP and OSWE certifications, I bring a deep understanding of offensive security techniques and a commitment to staying ahead of the curve in the ever-evolving landscape of cybersecurity.

Currently based in the beautiful city of Prague, I provide my services for Forbes Top 500 ranked clients at a leading cybersecurity firm. My journey in this field began with self-learning computer science and the OSCP certification, a foundation that has been significantly strengthened by continuous learning and practical application. My technical expertise is complemented by robust skills in consulting and technical writing, allowing me to effectively communicate the value of security solutions to stakeholders at all levels.